Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2014-3566 PoC — OpenSSL 加密问题漏洞

Source
https://github.com/mikesplain/CVE-2014-3566-poodle-cookbook
Associated Vulnerability
Title:OpenSSL 加密问题漏洞 (CVE-2014-3566)
Description:OpenSSL是OpenSSL团队的一个开源的能够实现安全套接层(SSLv2/v3)和安全传输层(TLSv1)协议的通用加密库。该产品支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 OpenSSL 1.0.1i版本及之前版本存在加密问题漏洞,该漏洞源于程序使用非确定性的CBC填充。攻击者利用该漏洞实施中间人攻击,获取明文数据。
Readme
# CVE-2014-3566-poodle

This cookbook will error out your chef run if your server is vulnerable to [CVE-2014-3566](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566).

Although this cookbook can be used to watch for failed chef runs, it is also a proof of concept.

## Supported Platforms

- Ubuntu 12.04
- Centos-6.4

## Attributes

<table>
  <tr>
    <th>Key</th>
    <th>Type</th>
    <th>Description</th>
    <th>Default</th>
  </tr>
  <tr>
    <td><tt>['CVE-2014-3566-poodle']['ports']</tt></td>
    <td>Array</td>
    <td>Ports to check for vulnerability</td>
    <td><tt>['443','8443']</tt></td>
  </tr>
</table>

## Usage

### CVE-2014-3566-poodle::default

Include `CVE-2014-3566-poodle` in your node's `run_list`:

```json
{
  "run_list": [
    "recipe[CVE-2014-3566-poodle::default]"
  ]
}
```

## Testing
This cookbook includes a psuedo test suite.  The first 2 suites should pass as they test a blank instance and an instance with defaunt nginx.  The third squite should fail on all platforms as port 443 ssl is opened in Nginx.

## License and Authors

Author:: Mike Splain (<mike.splain@gmail.com>)
File Snapshot

 [4.0K]  /data/pocs/82e64cddbe4f4bd57d7f1e381ed6fae3dba655b9
├── [4.0K]  attributes
│   └── [  58]  default.rb
├── [ 218]  Berksfile
├── [  49]  CHANGELOG.md
├── [ 960]  chefignore
├── [ 198]  Gemfile
├── [1.8K]  insecure
├── [  75]  LICENSE
├── [ 296]  metadata.rb
├── [ 489]  Rakefile
├── [1.1K]  README.md
├── [4.0K]  recipes
│   └── [ 383]  default.rb
├── [ 768]  secure
├── [4.0K]  test
│   └── [4.0K]  cookbooks
│       ├── [4.0K]  nginx_ssl_broken
│       │   ├── [4.0K]  attributes
│       │   │   └── [  46]  default.rb
│       │   ├── [4.0K]  files
│       │   │   └── [4.0K]  default
│       │   │       ├── [ 757]  server.crt
│       │   │       └── [ 891]  server.key
│       │   ├── [ 292]  metadata.rb
│       │   ├── [4.0K]  recipes
│       │   │   ├── [ 160]  default.rb
│       │   │   └── [ 553]  turn_on_ssl.rb
│       │   └── [4.0K]  templates
│       │       └── [4.0K]  default
│       │           └── [ 399]  test-site.erb
│       └── [4.0K]  nginx_ssl_fixed
│           ├── [4.0K]  attributes
│           │   └── [  46]  default.rb
│           ├── [4.0K]  files
│           │   └── [4.0K]  default
│           │       ├── [ 757]  server.crt
│           │       └── [ 891]  server.key
│           ├── [ 291]  metadata.rb
│           ├── [4.0K]  recipes
│           │   ├── [ 160]  default.rb
│           │   └── [ 553]  turn_on_ssl.rb
│           └── [4.0K]  templates
│               └── [4.0K]  default
│                   └── [ 393]  test-site.erb
├── [ 241]  Thorfile
└── [3.4K]  Vagrantfile

18 directories, 28 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.